Notice of Data Security Incident

New Enchantment Group, LLC (“NEG”) recently discovered an incident that involved the personal information of individuals associated with NEG, including NEG employees and employees of certain properties developed and managed by NEG. On October 4, 2022, NEG discovered unusual activity on its computer network and determined that certain data had been encrypted by a third party. Upon identifying the issue, NEG promptly began an internal investigation, notified law enforcement, restored data from backups, and secured its systems. NEG also engaged a forensic security firm to assist with its investigation.

The forensic investigation determined that an unknown, unauthorized third party accessed NEG’s computer systems from October 3, 2022 until October 4, 2022. The investigation determined that the unknown third party accessed and acquired certain documents from NEG’s systems during this period. NEG undertook a comprehensive review of the involved documents and, on December 9, 2022, determined that they contained certain individuals’ personal information. The type of information involved varied for each individual but may have included the following: name, Social Security or national identification number, date of birth, driver’s license number, passport number, financial account number, medical treatment or diagnosis information, and/or health insurance information.

On February 28, 2023, NEG mailed written notifications to individuals whose personal information was involved in the incident and for whom NEG has contact information. Individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. As described in the notification letters, NEG has arranged for complimentary identity theft protection services for those individuals whose Social Security numbers or driver’s license numbers were involved in the incident.

As a precautionary measure, individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or suspected identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes, and steps to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

Contact information for the three national credit reporting agencies is as follows: